diff --git a/hapsigntool_cpp/BUILD.gn b/hapsigntool_cpp/BUILD.gn index 9711a538cd7214138a851ae8439fac27bc29ac20..a2817c76e3e9250594c4f300d286c5e844a348bc 100644 --- a/hapsigntool_cpp/BUILD.gn +++ b/hapsigntool_cpp/BUILD.gn @@ -49,7 +49,6 @@ signature_tools_main_include = [ signature_tools_main_src = [ "main.cpp", - "${signature_tools_api}/src/localization_adapter.cpp", "${signature_tools_api}/src/sign_tool_service_impl.cpp", "${signature_tools_api}/src/cert_tools.cpp", "${signature_tools_signer}/src/signer_factory.cpp", @@ -106,7 +105,7 @@ ohos_executable("hap-sign-tool") { ] install_images = [ "system" ] - install_enable = true + install_enable = false part_name = "hapsigner" subsystem_name = "developtools" } diff --git a/hapsigntool_cpp/api/include/cert_tools.h b/hapsigntool_cpp/api/include/cert_tools.h index bf34fded459718ee5a1bd1155cdca9a7aa05decd..c0b05b60c52267c56f901a295a7f276329477e15 100644 --- a/hapsigntool_cpp/api/include/cert_tools.h +++ b/hapsigntool_cpp/api/include/cert_tools.h @@ -14,6 +14,7 @@ */ #ifndef SIGNATRUETOOLS_CERT_TOOLS_H #define SIGNATRUETOOLS_CERT_TOOLS_H +#include #include "cert_dn_utils.h" #include "openssl/x509v3.h" @@ -63,7 +64,7 @@ public: static bool SetExpandedInformation(X509* cert, Options* options); static bool SetPubkeyAndSignCert(X509* cert, X509_REQ* issuercsr, X509_REQ* certReq, EVP_PKEY* keyPair, Options* options); - static bool PrintCertChainToCmd(std::vector& certChain); + static bool String2Bool(Options* options, const std::string& option); CertTools() = default; ~CertTools() = default; }; diff --git a/hapsigntool_cpp/api/src/cert_tools.cpp b/hapsigntool_cpp/api/src/cert_tools.cpp index cbb0719c53d7d47a619fb621278e5e1714a2dab4..4a003f898f9816b08a1636fb14e72ec1a85c16a6 100644 --- a/hapsigntool_cpp/api/src/cert_tools.cpp +++ b/hapsigntool_cpp/api/src/cert_tools.cpp @@ -25,7 +25,6 @@ #include "openssl/asn1.h" #include "signature_tools_log.h" #include "constant.h" -#include "cmd_util.h" namespace OHOS { namespace SignatureTools { @@ -76,7 +75,7 @@ bool CertTools::SaveCertTofile(const std::string& filename, X509* cert) static bool UpdateConstraint(Options* options) { if (options->count(Options::BASIC_CONSTRAINTS)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS)) { + if (!CertTools::String2Bool(options, Options::BASIC_CONSTRAINTS)) { return false; } } else { @@ -84,7 +83,7 @@ static bool UpdateConstraint(Options* options) } if (options->count(Options::BASIC_CONSTRAINTS_CRITICAL)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS_CRITICAL)) { + if (!CertTools::String2Bool(options, Options::BASIC_CONSTRAINTS_CRITICAL)) { return false; } } else { @@ -92,7 +91,7 @@ static bool UpdateConstraint(Options* options) } if (options->count(Options::BASIC_CONSTRAINTS_CA)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS_CA)) { + if (!CertTools::String2Bool(options, Options::BASIC_CONSTRAINTS_CA)) { return false; } } else { @@ -101,6 +100,21 @@ static bool UpdateConstraint(Options* options) return true; } +bool CertTools::String2Bool(Options* options, const std::string& option) +{ + std::string val = options->GetString(option); + if (val == "1" || val == "true" || val == "TRUE") { + (*options)[option] = true; + } else if (val == "0" || val == "false" || val == "FALSE") { + (*options)[option] = false; + } else { + PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, + val + "is not valid value for " + "-" + option); + return false; + } + return true; +} + bool CertTools::SetBisicConstraints(Options* options, X509* cert) { if (!UpdateConstraint(options)) { @@ -853,30 +867,6 @@ err: return nullptr; } -bool CertTools::PrintCertChainToCmd(std::vector& certChain) -{ - BIO* outFd = BIO_new_fp(stdout, BIO_NOCLOSE); - if (!outFd) { - PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "The stdout stream may have errors"); - return false; - } - uint64_t format = XN_FLAG_SEP_COMMA_PLUS; // Print according to RFC2253 - uint64_t content = X509_FLAG_NO_EXTENSIONS | X509_FLAG_NO_ATTRIBUTES | X509_FLAG_NO_HEADER | X509_FLAG_NO_SIGDUMP; - int num = 0; - for (auto& cert : certChain) { - PrintMsg("+++++++++++++++++++++++++++++++++certificate #" + std::to_string(num) + - "+++++++++++++++++++++++++++++++++++++"); - if (!X509_print_ex(outFd, cert, format, content)) { - VerifyHapOpensslUtils::GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("print x509 cert to cmd failed"); - BIO_free(outFd); - return false; - } - ++num; - } - BIO_free(outFd); - return true; -} } // namespace SignatureTools } // namespace OHOS diff --git a/hapsigntool_cpp/cmd/signature_tools_cmd.gni b/hapsigntool_cpp/cmd/signature_tools_cmd.gni index 16fdb14a45599b8325cf5db3bc619327aaf59f83..12cc9099b7e22e1e90257cf74295b0582d53c208 100644 --- a/hapsigntool_cpp/cmd/signature_tools_cmd.gni +++ b/hapsigntool_cpp/cmd/signature_tools_cmd.gni @@ -17,7 +17,6 @@ signature_tools_cmd_include = [ "${signature_tools_cmd}/include" ] signature_tools_cmd_src = [ "${signature_tools_cmd}/src/cmd_util.cpp", "${signature_tools_cmd}/src/params_run_tool.cpp", - "${signature_tools_cmd}/src/options.cpp", "${signature_tools_cmd}/src/params_trust_list.cpp", "${signature_tools_cmd}/src/params.cpp", ] diff --git a/hapsigntool_cpp/common/include/digest_common.h b/hapsigntool_cpp/common/include/digest_common.h new file mode 100644 index 0000000000000000000000000000000000000000..f0d6b1f79851a0e57d57d98c967715e20b03bd5c --- /dev/null +++ b/hapsigntool_cpp/common/include/digest_common.h @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef SIGNATRUETOOLS_DIGEST_UTILS_H +#define SIGNATRUETOOLS_DIGEST_UTILS_H +#include +#include + +#include "byte_buffer.h" +#include "openssl/evp.h" +#include "openssl/ossl_typ.h" +#include "digest_parameter.h" +#include "pkcs7_context.h" +#include "signature_info.h" +#include "export_define.h" +#include "openssl/pkcs7.h" +#include "openssl/safestack.h" + +namespace OHOS { +namespace SignatureTools { + +enum SignatureAlgorithm { + ALGORITHM_SHA256_WITH_ECDSA = 0x00000201, + ALGORITHM_SHA384_WITH_ECDSA, + ALGORITHM_SHA512_WITH_ECDSA, + ALGORITHM_SHA256_WITH_DSA = 0x00000301, + ALGORITHM_SHA384_WITH_DSA, + ALGORITHM_SHA512_WITH_DSA, +}; + +class DigestCommon { +public: + DigestCommon() = delete; + + static int32_t GetDigest(const ByteBuffer& chunk, const std::vector& optionalBlocks, + const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); + static bool DigestInit(const DigestParameter& digestParameter); + static bool DigestUpdate(const DigestParameter& digestParameter, + const unsigned char content[], int32_t len); + static int32_t GetDigest(const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); + static int32_t GetDigestAlgorithmOutputSizeBytes(int32_t nId); + DLL_EXPORT static int32_t GetDigestAlgorithmId(int32_t signAlgorithm); + static std::string GetDigestAlgorithmString(int32_t signAlgorithm); + static void GetOpensslErrorMessage(); + +private: + static bool CheckDigestParameter(const DigestParameter& digestParameter); + + static const int32_t OPENSSL_ERR_MESSAGE_MAX_LEN; +}; +} // namespace SignatureTools +} // namespace OHOS +#endif // SIGNATRUETOOLS_VERIFY_OPENSSL_UTILS_H diff --git a/hapsigntool_cpp/api/include/localization_adapter.h b/hapsigntool_cpp/common/include/localization_adapter.h similarity index 98% rename from hapsigntool_cpp/api/include/localization_adapter.h rename to hapsigntool_cpp/common/include/localization_adapter.h index d878e7ff9d47bcff80c2f9e508d0a38fed23abac..b2fa373e969750e3d085085d74216da1704424b6 100644 --- a/hapsigntool_cpp/api/include/localization_adapter.h +++ b/hapsigntool_cpp/common/include/localization_adapter.h @@ -26,7 +26,7 @@ #include "key_store_helper.h" #include "cert_dn_utils.h" #include "signature_tools_log.h" -#include "verify_hap_openssl_utils.h" +#include "digest_common.h" namespace OHOS { namespace SignatureTools { class LocalizationAdapter { diff --git a/hapsigntool_cpp/cmd/include/options.h b/hapsigntool_cpp/common/include/options.h similarity index 100% rename from hapsigntool_cpp/cmd/include/options.h rename to hapsigntool_cpp/common/include/options.h diff --git a/hapsigntool_cpp/utils/include/signature_tools_errno.h b/hapsigntool_cpp/common/include/signature_tools_errno.h similarity index 100% rename from hapsigntool_cpp/utils/include/signature_tools_errno.h rename to hapsigntool_cpp/common/include/signature_tools_errno.h diff --git a/hapsigntool_cpp/utils/include/signature_tools_log.h b/hapsigntool_cpp/common/include/signature_tools_log.h similarity index 100% rename from hapsigntool_cpp/utils/include/signature_tools_log.h rename to hapsigntool_cpp/common/include/signature_tools_log.h diff --git a/hapsigntool_cpp/common/signature_tools_common.gni b/hapsigntool_cpp/common/signature_tools_common.gni index ceeec2a62502ecfe090354638b7f2b6ee59b1716..9c97041fd9e4bc1d9597be0e00bff8b895a233dd 100644 --- a/hapsigntool_cpp/common/signature_tools_common.gni +++ b/hapsigntool_cpp/common/signature_tools_common.gni @@ -20,4 +20,7 @@ signature_tools_common_src = [ "${signature_tools_common}/src/file_data_source.cpp", "${signature_tools_common}/src/random_access_file.cpp", "${signature_tools_common}/src/digest_parameter.cpp", + "${signature_tools_common}/src/digest_common.cpp", + "${signature_tools_common}/src/localization_adapter.cpp", + "${signature_tools_common}/src/options.cpp", ] diff --git a/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp b/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp index fb9a49c4531304da653aefc7089921848a98ba69..16808ccdb5a23b53e0ce07635e431c228cc37c2b 100644 --- a/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp +++ b/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp @@ -13,7 +13,7 @@ * limitations under the License. */ #include "byte_buffer_data_source.h" -#include "verify_hap_openssl_utils.h" +#include "digest_common.h" namespace OHOS { namespace SignatureTools { @@ -46,7 +46,7 @@ bool ByteBufferDataSource::ReadDataAndDigestUpdate(const DigestParameter& digest { const unsigned char* chunk = reinterpret_cast(bytebuffer.GetBufferPtr() + bytebuffer.GetPosition()); - bool res = VerifyHapOpensslUtils::DigestUpdate(digestParam, chunk, chunkSize); + bool res = DigestCommon::DigestUpdate(digestParam, chunk, chunkSize); if (res) { bytebuffer.SetPosition(bytebuffer.GetPosition() + chunkSize); } diff --git a/hapsigntool_cpp/common/src/digest_common.cpp b/hapsigntool_cpp/common/src/digest_common.cpp new file mode 100644 index 0000000000000000000000000000000000000000..b67653fa2b46ad46895d1f128353e29dea97c634 --- /dev/null +++ b/hapsigntool_cpp/common/src/digest_common.cpp @@ -0,0 +1,173 @@ +/* + * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "digest_common.h" +#include "signature_tools_log.h" +#include "openssl/err.h" + +namespace OHOS { +namespace SignatureTools { +const int32_t DigestCommon::OPENSSL_ERR_MESSAGE_MAX_LEN = 1024; + +int32_t DigestCommon::GetDigestAlgorithmOutputSizeBytes(int32_t nId) +{ + return EVP_MD_size(EVP_get_digestbynid(nId)); +} + +bool DigestCommon::CheckDigestParameter(const DigestParameter& digestParameter) +{ + if (digestParameter.md == nullptr) { + SIGNATURE_TOOLS_LOGE("md is nullptr"); + return false; + } + if (digestParameter.ctxPtr == nullptr) { + SIGNATURE_TOOLS_LOGE("ctxPtr is nullptr"); + return false; + } + return true; +} + +bool DigestCommon::DigestInit(const DigestParameter& digestParameter) +{ + if (!CheckDigestParameter(digestParameter)) { + return false; + } + if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); + return false; + } + return true; +} + +/* the caller must ensure that EVP_DigestInit was called before calling this function */ +bool DigestCommon::DigestUpdate(const DigestParameter& digestParameter, + const unsigned char content[], int32_t len) +{ + if (content == nullptr) { + SIGNATURE_TOOLS_LOGE("content is nullptr"); + return false; + } + if (!CheckDigestParameter(digestParameter)) { + return false; + } + if (EVP_DigestUpdate(digestParameter.ctxPtr, content, len) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate failed"); + return false; + } + return true; +} + +int32_t DigestCommon::GetDigest(const DigestParameter& digestParameter, + unsigned char(&out)[EVP_MAX_MD_SIZE]) +{ + uint32_t outLen = 0; + if (!CheckDigestParameter(digestParameter)) { + return outLen; + } + if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); + outLen = 0; + } + return outLen; +} + +int32_t DigestCommon::GetDigest(const ByteBuffer& chunk, + const std::vector& optionalBlocks, + const DigestParameter& digestParameter, + unsigned char(&out)[EVP_MAX_MD_SIZE]) +{ + int32_t chunkLen = chunk.Remaining(); + uint32_t outLen = 0; + if (digestParameter.md == nullptr) { + SIGNATURE_TOOLS_LOGE("md is nullprt"); + return outLen; + } + if (digestParameter.ctxPtr == nullptr) { + SIGNATURE_TOOLS_LOGE("ctxPtr is nullprt"); + return outLen; + } + if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); + return outLen; + } + if (EVP_DigestUpdate(digestParameter.ctxPtr, chunk.GetBufferPtr(), chunkLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); + return outLen; + } + for (int32_t i = 0; i < static_cast(optionalBlocks.size()); i++) { + chunkLen = optionalBlocks[i].optionalBlockValue.GetCapacity(); + if (EVP_DigestUpdate(digestParameter.ctxPtr, optionalBlocks[i].optionalBlockValue.GetBufferPtr(), + chunkLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate %dst optional block failed", i); + return outLen; + } + } + if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); + outLen = 0; + } + return outLen; +} + +void DigestCommon::GetOpensslErrorMessage() +{ + unsigned long retOpenssl; + char errOpenssl[OPENSSL_ERR_MESSAGE_MAX_LEN]; + while ((retOpenssl = ERR_get_error()) != 0) { + ERR_error_string(retOpenssl, errOpenssl); + SIGNATURE_TOOLS_LOGE("openssl err: %lu, message: %s", retOpenssl, errOpenssl); + } +} + +int32_t DigestCommon::GetDigestAlgorithmId(int32_t signAlgorithm) +{ + switch (signAlgorithm) { + case ALGORITHM_SHA256_WITH_ECDSA: + case ALGORITHM_SHA256_WITH_DSA: + return NID_sha256; + case ALGORITHM_SHA384_WITH_ECDSA: + case ALGORITHM_SHA384_WITH_DSA: + return NID_sha384; + case ALGORITHM_SHA512_WITH_ECDSA: + case ALGORITHM_SHA512_WITH_DSA: + return NID_sha512; + default: + SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); + return NID_undef; + } +} + +std::string DigestCommon::GetDigestAlgorithmString(int32_t signAlgorithm) +{ + switch (signAlgorithm) { + case ALGORITHM_SHA256_WITH_ECDSA: + return "SHA-256"; + case ALGORITHM_SHA384_WITH_ECDSA: + return "SHA-384"; + case ALGORITHM_SHA512_WITH_ECDSA: + return "SHA-512"; + default: + SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); + return ""; + } +} +} // namespace SignatureTools +} // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp/api/src/localization_adapter.cpp b/hapsigntool_cpp/common/src/localization_adapter.cpp similarity index 98% rename from hapsigntool_cpp/api/src/localization_adapter.cpp rename to hapsigntool_cpp/common/src/localization_adapter.cpp index ebe1a6f60a5c566c1dc1adb7cc1e424a2b481a9c..c936c3700b975625c162ab25f4c7ed67d7fb88bb 100644 --- a/hapsigntool_cpp/api/src/localization_adapter.cpp +++ b/hapsigntool_cpp/common/src/localization_adapter.cpp @@ -262,7 +262,7 @@ std::vector LocalizationAdapter::GetCertsFromFile(std::string& certPath, BIO* bio = BIO_new_file(certPath.c_str(), "rb"); if (!bio) { PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "open file:" + certPath + "failed"); - VerifyHapOpensslUtils::GetOpensslErrorMessage(); + DigestCommon::GetOpensslErrorMessage(); BIO_free(bio); return certs; } @@ -282,7 +282,7 @@ const std::string LocalizationAdapter::GetInFile() bool LocalizationAdapter::IsRemoteSigner() { std::string mode = options->GetString(Options::MODE, LOCAL_SIGN); - return StringUtils::CaseCompare(mode, REMOTE_SIGN); + return mode == REMOTE_SIGN; } Options* LocalizationAdapter::GetOptions() diff --git a/hapsigntool_cpp/cmd/src/options.cpp b/hapsigntool_cpp/common/src/options.cpp similarity index 100% rename from hapsigntool_cpp/cmd/src/options.cpp rename to hapsigntool_cpp/common/src/options.cpp diff --git a/hapsigntool_cpp/common/src/random_access_file.cpp b/hapsigntool_cpp/common/src/random_access_file.cpp index 9054ae1e559e3a75aa5f1dbe534d0b8a2ea719a6..1ac09a0abb0fe1a1537cf19958446245d83d13fd 100644 --- a/hapsigntool_cpp/common/src/random_access_file.cpp +++ b/hapsigntool_cpp/common/src/random_access_file.cpp @@ -18,7 +18,7 @@ #include "securec.h" #include "signature_info.h" #include "signature_tools_log.h" -#include "verify_hap_openssl_utils.h" +#include "digest_common.h" #include "random_access_file.h" namespace OHOS { @@ -196,7 +196,7 @@ bool RandomAccessFile::ReadFileFromOffsetAndDigestUpdate(const DigestParameter& return false; } unsigned char* content = reinterpret_cast(mmapInfo.mapAddr + mmapInfo.readMoreLen); - bool res = VerifyHapOpensslUtils::DigestUpdate(digestParam, content, chunkSize); + bool res = DigestCommon::DigestUpdate(digestParam, content, chunkSize); munmap(mmapInfo.mapAddr, mmapInfo.mmapSize); return res; } diff --git a/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h b/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h index ae3ff6e2f89ca67c173cb1d02fc838ff34e93986..d8dbde6a82178226c0e16b71886cc4d755a9ba9a 100644 --- a/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h +++ b/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h @@ -24,10 +24,8 @@ namespace OHOS { namespace SignatureTools { class RemoteSignProvider : public SignProvider { public: - static void* handle; - RemoteSignProvider() = default; - ~RemoteSignProvider(); + ~RemoteSignProvider() = default; bool CheckParams(Options* options) override; bool CheckInputCertMatchWithProfile(X509* inputCert, X509* certInProfile)const override; }; diff --git a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp index 55b70eccd65a5a59e87dd021058258b305334de3..367d694515aaefe48af66c129a61305e4d190026 100644 --- a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp +++ b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp @@ -16,16 +16,6 @@ namespace OHOS { namespace SignatureTools { -void* RemoteSignProvider::handle = nullptr; -RemoteSignProvider::~RemoteSignProvider() -{ - if (handle) { - if (dlclose(handle) != 0) { - SIGNATURE_TOOLS_LOGE("dlclose() %s", dlerror()); - } - } -} - bool RemoteSignProvider::CheckParams(Options* options) { if (!SignProvider::CheckParams(options)) { diff --git a/hapsigntool_cpp/hap/sign/src/sign_hap.cpp b/hapsigntool_cpp/hap/sign/src/sign_hap.cpp index bef94866200e38009ec71d288541bb32e71ec0b4..a9e6a68b8ed6ab7e5c8820c49460749c98d6cfb7 100644 --- a/hapsigntool_cpp/hap/sign/src/sign_hap.cpp +++ b/hapsigntool_cpp/hap/sign/src/sign_hap.cpp @@ -15,6 +15,7 @@ #include "signature_tools_log.h" #include "signature_algorithm_helper.h" #include "bc_pkcs7_generator.h" +#include "digest_common.h" #include "sign_hap.h" namespace OHOS { @@ -34,7 +35,7 @@ bool SignHap::Sign(DataSource* contents[], int32_t len, SignerConfig& config, } SignatureAlgorithm algo = static_cast(algoClass[0].m_id); SIGNATURE_TOOLS_LOGI("[SignHap] Signature Algorithm is %d", algo); - int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(algo); + int32_t nId = DigestCommon::GetDigestAlgorithmId(algo); DigestParameter digestParam = HapSignerBlockUtils::GetDigestParameter(nId); ByteBuffer digContext; std::vector> nidAndcontentDigestsVec; diff --git a/hapsigntool_cpp/hap/signature_tools_hap.gni b/hapsigntool_cpp/hap/signature_tools_hap.gni index 22639a772bfa1a2a1f75665a0e5e568d35dd68e1..8faa8efbb912435ce10779425972f378659569a6 100644 --- a/hapsigntool_cpp/hap/signature_tools_hap.gni +++ b/hapsigntool_cpp/hap/signature_tools_hap.gni @@ -44,5 +44,6 @@ signature_tools_hap_src = [ "${signature_tools_hap}/sign/src/sign_bin.cpp", "${signature_tools_hap}/sign/src/sign_elf.cpp", "${signature_tools_hap}/utils/src/hap_utils.cpp", + "${signature_tools_hap}/utils/src/dynamic_lib_handle.cpp", "${signature_tools_hap}/sign/src/bc_pkcs7_generator.cpp", ] diff --git a/hapsigntool_cpp/hap/utils/include/dynamic_lib_handle.h b/hapsigntool_cpp/hap/utils/include/dynamic_lib_handle.h new file mode 100644 index 0000000000000000000000000000000000000000..5400fbe0ef9f2fb08461176614229deeca39b997 --- /dev/null +++ b/hapsigntool_cpp/hap/utils/include/dynamic_lib_handle.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SIGNATRUETOOLS_DYNAMIC_LIB_HANDLE_H +#define SIGNATRUETOOLS_DYNAMIC_LIB_HANDLE_H + +#include + +#include "signature_tools_log.h" +#include "params.h" + +namespace OHOS { +namespace SignatureTools { +class DynamicLibHandle { +public: + static void* handle; + DynamicLibHandle() = default; + ~DynamicLibHandle(); +}; +} // namespace SignatureTools +} // namespace OHOS +#endif \ No newline at end of file diff --git a/hapsigntool_cpp/hap/utils/src/dynamic_lib_handle.cpp b/hapsigntool_cpp/hap/utils/src/dynamic_lib_handle.cpp new file mode 100644 index 0000000000000000000000000000000000000000..918293213df012155dca2a0e38bbffd321849300 --- /dev/null +++ b/hapsigntool_cpp/hap/utils/src/dynamic_lib_handle.cpp @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dynamic_lib_handle.h" + +namespace OHOS { +namespace SignatureTools { +void* DynamicLibHandle::handle = nullptr; +DynamicLibHandle::~DynamicLibHandle() +{ + if (handle) { + if (dlclose(handle) != 0) { + SIGNATURE_TOOLS_LOGE("dlclose() %s", dlerror()); + } + } +} +} // namespace SignatureTools +} // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp/hap/verify/include/verify_hap.h b/hapsigntool_cpp/hap/verify/include/verify_hap.h index aafb3008d6bd5345c2eb0adf00a116ab871e5cdf..86d32a925cb44ad4f6acc43718d0ed31b519c78e 100644 --- a/hapsigntool_cpp/hap/verify/include/verify_hap.h +++ b/hapsigntool_cpp/hap/verify/include/verify_hap.h @@ -67,6 +67,7 @@ public: bool VerifyAppPkcs7(Pkcs7Context& pkcs7Context, const ByteBuffer& hapSignatureBlock); DLL_EXPORT bool GetDigestAndAlgorithm(Pkcs7Context& digest); + static bool PrintCertChainToCmd(std::vector& certChain); private: bool isPrintCert; diff --git a/hapsigntool_cpp/hap/verify/src/verify_hap.cpp b/hapsigntool_cpp/hap/verify/src/verify_hap.cpp index 8e2c070712f7f3c896c83e98ea8886ce6d6a9116..27ed782c2eca3f20205e69ddcd7ece7c0eca40e7 100644 --- a/hapsigntool_cpp/hap/verify/src/verify_hap.cpp +++ b/hapsigntool_cpp/hap/verify/src/verify_hap.cpp @@ -31,7 +31,6 @@ #include "param_constants.h" #include "file_utils.h" #include "nlohmann/json.hpp" -#include "cert_tools.h" #include "verify_hap.h" using namespace nlohmann; @@ -117,7 +116,7 @@ bool VerifyHap::writeOptionalBytesToFile(const OptionalBlock& optionalBlock, con bool VerifyHap::HapOutPutCertChain(std::vector& certs, const std::string& outPutPath) { if (isPrintCert) { - if (!CertTools::PrintCertChainToCmd(certs)) { + if (!PrintCertChainToCmd(certs)) { SIGNATURE_TOOLS_LOGE("print cert chain to cmd failed\n"); return false; } @@ -140,6 +139,31 @@ bool VerifyHap::HapOutPutCertChain(std::vector& certs, const std::string& return true; } +bool VerifyHap::PrintCertChainToCmd(std::vector& certChain) +{ + BIO* outFd = BIO_new_fp(stdout, BIO_NOCLOSE); + if (!outFd) { + PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "The stdout stream may have errors"); + return false; + } + uint64_t format = XN_FLAG_SEP_COMMA_PLUS; // Print according to RFC2253 + uint64_t content = X509_FLAG_NO_EXTENSIONS | X509_FLAG_NO_ATTRIBUTES | X509_FLAG_NO_HEADER | X509_FLAG_NO_SIGDUMP; + int num = 0; + for (auto& cert : certChain) { + PrintMsg("+++++++++++++++++++++++++++++++++certificate #" + std::to_string(num) + + "+++++++++++++++++++++++++++++++++++++"); + if (!X509_print_ex(outFd, cert, format, content)) { + VerifyHapOpensslUtils::GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("print x509 cert to cmd failed"); + BIO_free(outFd); + return false; + } + ++num; + } + BIO_free(outFd); + return true; +} + int32_t VerifyHap::Verify(const std::string& filePath, Options* options) { SIGNATURE_TOOLS_LOGD("Start Verify"); diff --git a/hapsigntool_cpp/signer/include/signer_factory.h b/hapsigntool_cpp/signer/include/signer_factory.h index 01604bb8f3744a2c663b1856df65cec370b1aaa7..f6ec29ac967975a25b3fd7639ce3ad7a0d5ac027 100644 --- a/hapsigntool_cpp/signer/include/signer_factory.h +++ b/hapsigntool_cpp/signer/include/signer_factory.h @@ -20,7 +20,6 @@ #include "local_signer.h" #include "localization_adapter.h" #include "param_constants.h" -#include "remote_sign_provider.h" namespace OHOS { namespace SignatureTools { diff --git a/hapsigntool_cpp/signer/src/signer_factory.cpp b/hapsigntool_cpp/signer/src/signer_factory.cpp index eeedb350e0f35d5cf28c621ea832ac3e2eab0637..e953bf8cad3f2b1f8e56e2faf238e8f73a9124a0 100644 --- a/hapsigntool_cpp/signer/src/signer_factory.cpp +++ b/hapsigntool_cpp/signer/src/signer_factory.cpp @@ -13,6 +13,7 @@ * limitations under the License. */ #include "signer_factory.h" +#include "dynamic_lib_handle.h" namespace OHOS { namespace SignatureTools { @@ -51,8 +52,8 @@ std::shared_ptr SignerFactory::LoadRemoteSigner(LocalizationAdapter& ada char* userPwd = adapter.GetOptions()->GetChars(ParamConstants::PARAM_REMOTE_USERPWD); // open so - RemoteSignProvider::handle = dlopen(signerPlugin.c_str(), RTLD_NOW | RTLD_GLOBAL); - if (!RemoteSignProvider::handle) { + DynamicLibHandle::handle = dlopen(signerPlugin.c_str(), RTLD_NOW | RTLD_GLOBAL); + if (!DynamicLibHandle::handle) { PrintErrorNumberMsg("LoadRemoteSigner", RET_FAILED, dlerror()); return nullptr; } @@ -61,7 +62,7 @@ std::shared_ptr SignerFactory::LoadRemoteSigner(LocalizationAdapter& ada dlerror(); // get "Create" function - RemoteSignerCreator remoteSignerCreator = (RemoteSignerCreator)dlsym(RemoteSignProvider::handle, "Create"); + RemoteSignerCreator remoteSignerCreator = (RemoteSignerCreator)dlsym(DynamicLibHandle::handle, "Create"); char* error = nullptr; if ((error = dlerror()) != NULL) { SIGNATURE_TOOLS_LOGE("%s", error); diff --git a/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h b/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h index 43ecccda6040ff7228a1158894a23282d7c3d897..bbe552dd2b47444249febc36a795bd815b6a20e4 100644 --- a/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h +++ b/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h @@ -31,15 +31,6 @@ namespace OHOS { namespace SignatureTools { -enum SignatureAlgorithm { - ALGORITHM_SHA256_WITH_ECDSA = 0x00000201, - ALGORITHM_SHA384_WITH_ECDSA, - ALGORITHM_SHA512_WITH_ECDSA, - ALGORITHM_SHA256_WITH_DSA = 0x00000301, - ALGORITHM_SHA384_WITH_DSA, - ALGORITHM_SHA512_WITH_DSA, -}; - class VerifyHapOpensslUtils { public: VerifyHapOpensslUtils() = delete; @@ -50,15 +41,6 @@ public: DLL_EXPORT static bool GetCrlStack(PKCS7* p7, STACK_OF(X509_CRL)* x509Crl); DLL_EXPORT static bool VerifyPkcs7(Pkcs7Context& pkcs7Context); - static int32_t GetDigest(const ByteBuffer& chunk, const std::vector& optionalBlocks, - const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); - static bool DigestInit(const DigestParameter& digestParameter); - static bool DigestUpdate(const DigestParameter& digestParameter, - const unsigned char content[], int32_t len); - static int32_t GetDigest(const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); - static int32_t GetDigestAlgorithmOutputSizeBytes(int32_t nId); - DLL_EXPORT static int32_t GetDigestAlgorithmId(int32_t signAlgorithm); - static std::string GetDigestAlgorithmString(int32_t signAlgorithm); static void GetOpensslErrorMessage(); private: @@ -70,8 +52,6 @@ private: static bool GetContentInfo(const PKCS7* p7ContentInfo, ByteBuffer& content); static bool CheckPkcs7SignedDataIsValid(const PKCS7* p7); - static bool CheckDigestParameter(const DigestParameter& digestParameter); - static const int32_t OPENSSL_PKCS7_VERIFY_SUCCESS; static const int32_t OPENSSL_ERR_MESSAGE_MAX_LEN; static const int32_t OPENSSL_READ_DATA_MAX_TIME; diff --git a/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp b/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp index c150e4febe59dad8875f20dd973a90b2ccf3034b..51bfad3fd0eeb000d9058bdd8ed263f217d046ff 100644 --- a/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp +++ b/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp @@ -24,7 +24,7 @@ #include "securec.h" #include "byte_buffer_data_source.h" #include "file_data_source.h" -#include "verify_hap_openssl_utils.h" +#include "digest_common.h" #include "signature_tools_log.h" #include "signature_tools_errno.h" @@ -453,7 +453,7 @@ bool HapSignerBlockUtils::VerifyHapIntegrity( FileDataSource centralDir(hapFile, signInfo.hapCentralDirOffset, centralDirSize, 0); ByteBufferDataSource eocd(signInfo.hapEocd); DataSource* content[ZIP_BLOCKS_NUM_NEED_DIGEST] = {&contentsZip, ¢ralDir, &eocd}; - int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(digestInfo.digestAlgorithm); + int32_t nId = DigestCommon::GetDigestAlgorithmId(digestInfo.digestAlgorithm); DigestParameter digestParam = GetDigestParameter(nId); ByteBuffer chunkDigest; if (!ComputeDigestsForEachChunk(digestParam, content, ZIP_BLOCKS_NUM_NEED_DIGEST, chunkDigest)) { @@ -472,7 +472,7 @@ bool HapSignerBlockUtils::VerifyHapIntegrity( return false; } PrintMsg(std::string("Digest verify result: ") + "success" + ", DigestAlgorithm: " - + VerifyHapOpensslUtils::GetDigestAlgorithmString(digestInfo.digestAlgorithm)); + + DigestCommon::GetDigestAlgorithmString(digestInfo.digestAlgorithm)); return true; } @@ -483,7 +483,7 @@ bool HapSignerBlockUtils::ComputeDigestsWithOptionalBlock(const DigestParameter& ByteBuffer& finalDigest) { unsigned char out[EVP_MAX_MD_SIZE]; - int32_t digestLen = VerifyHapOpensslUtils::GetDigest(chunkDigest, optionalBlocks, digestParam, out); + int32_t digestLen = DigestCommon::GetDigest(chunkDigest, optionalBlocks, digestParam, out); if (digestLen != digestParam.digestOutputSizeBytes) { SIGNATURE_TOOLS_LOGE("GetDigest failed, outLen is not right, %u, %d", digestLen, digestParam.digestOutputSizeBytes); @@ -558,7 +558,7 @@ bool HapSignerBlockUtils::ComputeDigestsForEachChunk(const DigestParameter& dige return false; } - int32_t digestLen = VerifyHapOpensslUtils::GetDigest(digestParam, outBlock); + int32_t digestLen = DigestCommon::GetDigest(digestParam, outBlock); if (digestLen != digestParam.digestOutputSizeBytes) { SIGNATURE_TOOLS_LOGE("GetDigest failed len: %d digestSizeBytes: %d", digestLen, digestParam.digestOutputSizeBytes); @@ -575,7 +575,7 @@ bool HapSignerBlockUtils::ComputeDigestsForEachChunk(const DigestParameter& dige DigestParameter HapSignerBlockUtils::GetDigestParameter(int32_t nId) { DigestParameter digestParam; - digestParam.digestOutputSizeBytes = VerifyHapOpensslUtils::GetDigestAlgorithmOutputSizeBytes(nId); + digestParam.digestOutputSizeBytes = DigestCommon::GetDigestAlgorithmOutputSizeBytes(nId); digestParam.md = EVP_get_digestbynid(nId); digestParam.ctxPtr = EVP_MD_CTX_create(); EVP_MD_CTX_init(digestParam.ctxPtr); @@ -606,12 +606,12 @@ bool HapSignerBlockUtils::InitDigestPrefix(const DigestParameter& digestParam, return false; } - if (!VerifyHapOpensslUtils::DigestInit(digestParam)) { + if (!DigestCommon::DigestInit(digestParam)) { SIGNATURE_TOOLS_LOGE("DigestInit failed"); return false; } - if (!VerifyHapOpensslUtils::DigestUpdate(digestParam, chunkContentPrefix, ZIP_CHUNK_DIGEST_PRIFIX_LEN)) { + if (!DigestCommon::DigestUpdate(digestParam, chunkContentPrefix, ZIP_CHUNK_DIGEST_PRIFIX_LEN)) { SIGNATURE_TOOLS_LOGE("DigestUpdate failed"); return false; } diff --git a/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp b/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp index 3c99e2a11e24c17ac62abf5afd8d96fb6654985f..4580a9d98f69dba3c4b87b419682a0e670aa67e9 100644 --- a/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp +++ b/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp @@ -243,113 +243,6 @@ bool VerifyHapOpensslUtils::GetContentInfo(const PKCS7* p7ContentInfo, ByteBuffe return true; } -int32_t VerifyHapOpensslUtils::GetDigestAlgorithmOutputSizeBytes(int32_t nId) -{ - return EVP_MD_size(EVP_get_digestbynid(nId)); -} - -bool VerifyHapOpensslUtils::CheckDigestParameter(const DigestParameter& digestParameter) -{ - if (digestParameter.md == nullptr) { - SIGNATURE_TOOLS_LOGE("md is nullptr"); - return false; - } - if (digestParameter.ctxPtr == nullptr) { - SIGNATURE_TOOLS_LOGE("ptrCtx is nullptr"); - return false; - } - return true; -} - -bool VerifyHapOpensslUtils::DigestInit(const DigestParameter& digestParameter) -{ - if (!CheckDigestParameter(digestParameter)) { - return false; - } - if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); - return false; - } - return true; -} - -/* the caller must ensure that EVP_DigestInit was called before calling this function */ -bool VerifyHapOpensslUtils::DigestUpdate(const DigestParameter& digestParameter, - const unsigned char content[], int32_t len) -{ - if (content == nullptr) { - SIGNATURE_TOOLS_LOGE("content is nullptr"); - return false; - } - if (!CheckDigestParameter(digestParameter)) { - return false; - } - if (EVP_DigestUpdate(digestParameter.ctxPtr, content, len) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); - return false; - } - return true; -} - -int32_t VerifyHapOpensslUtils::GetDigest(const DigestParameter& digestParameter, - unsigned char(&out)[EVP_MAX_MD_SIZE]) -{ - uint32_t outLen = 0; - if (!CheckDigestParameter(digestParameter)) { - return outLen; - } - if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); - outLen = 0; - } - return outLen; -} - -int32_t VerifyHapOpensslUtils::GetDigest(const ByteBuffer& chunk, - const std::vector& optionalBlocks, - const DigestParameter& digestParameter, - unsigned char(&out)[EVP_MAX_MD_SIZE]) -{ - int32_t chunkLen = chunk.Remaining(); - uint32_t outLen = 0; - if (digestParameter.md == nullptr) { - SIGNATURE_TOOLS_LOGE("md is nullprt"); - return outLen; - } - if (digestParameter.ctxPtr == nullptr) { - SIGNATURE_TOOLS_LOGE("ptrCtx is nullprt"); - return outLen; - } - if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); - return outLen; - } - if (EVP_DigestUpdate(digestParameter.ctxPtr, chunk.GetBufferPtr(), chunkLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); - return outLen; - } - for (int32_t i = 0; i < static_cast(optionalBlocks.size()); i++) { - chunkLen = optionalBlocks[i].optionalBlockValue.GetCapacity(); - if (EVP_DigestUpdate(digestParameter.ctxPtr, optionalBlocks[i].optionalBlockValue.GetBufferPtr(), - chunkLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate %dst optional block failed", i); - return outLen; - } - } - if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); - outLen = 0; - } - return outLen; -} - void VerifyHapOpensslUtils::GetOpensslErrorMessage() { unsigned long retOpenssl; @@ -359,38 +252,5 @@ void VerifyHapOpensslUtils::GetOpensslErrorMessage() SIGNATURE_TOOLS_LOGE("openssl err: %lu, message: %s", retOpenssl, errOpenssl); } } - -int32_t VerifyHapOpensslUtils::GetDigestAlgorithmId(int32_t signAlgorithm) -{ - switch (signAlgorithm) { - case ALGORITHM_SHA256_WITH_ECDSA: - case ALGORITHM_SHA256_WITH_DSA: - return NID_sha256; - case ALGORITHM_SHA384_WITH_ECDSA: - case ALGORITHM_SHA384_WITH_DSA: - return NID_sha384; - case ALGORITHM_SHA512_WITH_ECDSA: - case ALGORITHM_SHA512_WITH_DSA: - return NID_sha512; - default: - SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); - return NID_undef; - } -} - -std::string VerifyHapOpensslUtils::GetDigestAlgorithmString(int32_t signAlgorithm) -{ - switch (signAlgorithm) { - case ALGORITHM_SHA256_WITH_ECDSA: - return "SHA-256"; - case ALGORITHM_SHA384_WITH_ECDSA: - return "SHA-384"; - case ALGORITHM_SHA512_WITH_ECDSA: - return "SHA-512"; - default: - SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); - return ""; - } -} } // namespace SignatureTools } // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp_test/BUILD.gn b/hapsigntool_cpp_test/BUILD.gn index 534957e5494afac673732d374995769afb57618b..811259ff0d8be12122a9781ee8ab3d26578c3c71 100644 --- a/hapsigntool_cpp_test/BUILD.gn +++ b/hapsigntool_cpp_test/BUILD.gn @@ -63,7 +63,6 @@ config("service_include") { ohos_source_set("service_target") { sources_obj = [ "${signature_tools_api}/src/sign_tool_service_impl.cpp", - "${signature_tools_api}/src/localization_adapter.cpp", "${signature_tools_api}/src/cert_tools.cpp", "${signature_tools_signer}/src/signer_factory.cpp", "${signature_tools_signer}/src/local_signer.cpp", @@ -87,13 +86,13 @@ ohos_source_set("service_target") { "//third_party/bzip2:libbz2", "//third_party/openssl:libcrypto_shared", "//third_party/openssl:libssl_shared", - "//third_party/zlib:shared_libz", ] public_external_deps = [ "c_utils:utils", "hilog:libhilog", "json:nlohmann_json_static", + "zlib:shared_libz", ] part_name = "hapsigner" diff --git a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp index a9cc2a4fb3dd96101210df3b76e9cc25fdcf62dd..d175f07551951058a938a2e4d496bee61c44987c 100644 --- a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp +++ b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp @@ -30,7 +30,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_001, testing::ext::TestSize SIGNATURE_TOOLS_LOGI("hello world !!!"); DigestParameter parameter; - bool ret = VerifyHapOpensslUtils::DigestInit(parameter); + bool ret = DigestCommon::DigestInit(parameter); EXPECT_EQ(ret, false); } @@ -45,7 +45,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_002, testing::ext::TestSize SIGNATURE_TOOLS_LOGI("hello world !!!"); DigestParameter parameter; parameter.md = EVP_sha256(); - bool ret = VerifyHapOpensslUtils::DigestInit(parameter); + bool ret = DigestCommon::DigestInit(parameter); EXPECT_EQ(ret, false); } @@ -61,7 +61,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_003, testing::ext::TestSize parameter.md = EVP_sha256(); const unsigned char content[] = "123"; int32_t len = 5; - bool ret = VerifyHapOpensslUtils::DigestUpdate(parameter, content, len); + bool ret = DigestCommon::DigestUpdate(parameter, content, len); EXPECT_EQ(ret, false); } @@ -76,7 +76,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_004, testing::ext::TestSize DigestParameter parameter; parameter.md = EVP_sha256(); int32_t len = 5; - bool ret = VerifyHapOpensslUtils::DigestUpdate(parameter, nullptr, len); + bool ret = DigestCommon::DigestUpdate(parameter, nullptr, len); EXPECT_EQ(ret, false); } @@ -90,7 +90,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_005, testing::ext::TestSize { DigestParameter parameter; unsigned char dig[EVP_MAX_MD_SIZE]; - int32_t ret = VerifyHapOpensslUtils::GetDigest(parameter, dig); + int32_t ret = DigestCommon::GetDigest(parameter, dig); EXPECT_EQ(ret, 0); } @@ -107,7 +107,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_006, testing::ext::TestSize ByteBuffer chunk; std::vector optionalBlocks; unsigned char out[EVP_MAX_MD_SIZE]; - int32_t ret = VerifyHapOpensslUtils::GetDigest(chunk, optionalBlocks, parameter, out); + int32_t ret = DigestCommon::GetDigest(chunk, optionalBlocks, parameter, out); EXPECT_EQ(ret, 0); } @@ -127,7 +127,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_007, testing::ext::TestSize ByteBuffer chunk; std::vector optionalBlocks; unsigned char out[EVP_MAX_MD_SIZE]; - int32_t ret = VerifyHapOpensslUtils::GetDigest(chunk, optionalBlocks, parameter, out); + int32_t ret = DigestCommon::GetDigest(chunk, optionalBlocks, parameter, out); EXPECT_EQ(ret, 0); } @@ -139,9 +139,9 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_007, testing::ext::TestSize */ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_008, testing::ext::TestSize.Level1) { - int32_t digId = VerifyHapOpensslUtils::GetDigestAlgorithmId(ALGORITHM_SHA384_WITH_ECDSA); + int32_t digId = DigestCommon::GetDigestAlgorithmId(ALGORITHM_SHA384_WITH_ECDSA); EXPECT_EQ(digId, NID_sha384); - digId = VerifyHapOpensslUtils::GetDigestAlgorithmId(ALGORITHM_SHA512_WITH_ECDSA); + digId = DigestCommon::GetDigestAlgorithmId(ALGORITHM_SHA512_WITH_ECDSA); EXPECT_EQ(digId, NID_sha512); } diff --git a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h index 0b460b764e62e5489b07596e06a3a9645f47d73e..d533d3295cd2a16698469ded7b5283d4c0d9eb9e 100644 --- a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h +++ b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h @@ -20,6 +20,7 @@ #include "sign_tool_service_impl.h" #include "signature_tools_log.h" #include "verify_hap_openssl_utils.h" +#include "digest_common.h" #include namespace OHOS { diff --git a/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp b/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp index 617251aa3f700c8054352f811ee7978241f07f51..4ce7d54bbd17921959fb365a3336ceb8d526be30 100644 --- a/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp +++ b/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp @@ -20,6 +20,7 @@ #include "sign_tool_service_impl.h" #include "remote_sign_provider.h" #include "hap_sign_test.h" +#include "digest_common.h" #include namespace OHOS { @@ -543,7 +544,7 @@ HWTEST_F(HapSignTest, hap_sign_test_012, testing::ext::TestSize.Level1) ByteBuffer dig_context; SignatureAlgorithm algo = SignatureAlgorithm::ALGORITHM_SHA256_WITH_ECDSA; - int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(algo); + int32_t nId = DigestCommon::GetDigestAlgorithmId(algo); DigestParameter digestParam = HapSignerBlockUtils::GetDigestParameter(nId); bool ret = SignHap::ComputeDigests(digestParam, contents, len, optionalBlocks, dig_context); @@ -1133,7 +1134,7 @@ HWTEST_F(HapSignTest, hap_sign_test_026, testing::ext::TestSize.Level1) ByteBuffer dig_context; SignatureAlgorithm algo = SignatureAlgorithm::ALGORITHM_SHA256_WITH_ECDSA; - int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(algo); + int32_t nId = DigestCommon::GetDigestAlgorithmId(algo); DigestParameter digestParam = HapSignerBlockUtils::GetDigestParameter(nId); SignerConfig config; diff --git a/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp b/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp index ee6e9b91f0e22876120fc942831be1e743e1caa7..4a0b1494d1a37d3fc48a630c80494bb1c87272ef 100644 --- a/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp +++ b/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp @@ -34,6 +34,7 @@ #include "hap_utils.h" #include "cert_dn_utils.h" #include "signer_config.h" +#include "digest_common.h" using namespace testing::ext; @@ -899,15 +900,15 @@ HWTEST_F(VerifyHapTest, VerifyHapError018, TestSize.Level0) HWTEST_F(VerifyHapTest, VerifyHapError019, TestSize.Level0) { int32_t signAlgorithm = ALGORITHM_SHA256_WITH_ECDSA; - std::string ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); + std::string ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); signAlgorithm = ALGORITHM_SHA384_WITH_ECDSA; - ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); + ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); signAlgorithm = ALGORITHM_SHA512_WITH_ECDSA; - ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); + ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); signAlgorithm = ALGORITHM_SHA512_WITH_DSA; - ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); + ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); EXPECT_EQ(ret, ""); }